On Thursday, September 04, 2014 06:08:06 PM Richard Guy Briggs wrote:
> > I assume the mix of new-, new_, old- and old_ are there due to
> > historical raisins and changing them would break userspace...
Yes it would. It can break more than ausearch. For example, there could be an
analysis script that does this:
while au.parse_next_event():
if au.find_field("new_gid"):
do_something()
Changing the event would cause the program to not find the event it was looking
for.
> > Here's a unified diff of a few obvious minor cleanups...
I took most of these changes and added some more changes of my own. A revised
copy has been uploaded.
-Steve
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
